+ Reply
Page 1 of 4 123 ... LastLast
Results 1 to 20 of 63

Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.


Thread: Huge Secuirty Flaw in firmware 2.0.1 and 2.0.2

is a discussion within the

iPhone News

forums, a part of the

General iPhone

section;
Fortunately, there's a way to avoid this obvious security breach until Apple fixes it. First, password protect your phone and lock it. Then slide to unlock and do this: 1.
...
  1. #1
    Livin the iPhone Life
    Join Date
    Jul 2007
    Location
    City of Brotherly Love
    Posts
    1,834
    Thanks
    104
    Thanked 321 Times in 176 Posts

    Default Huge Secuirty Flaw in firmware 2.0.1 and 2.0.2
    Fortunately, there's a way to avoid this obvious security breach until Apple fixes it.

    First, password protect your phone and lock it. Then slide to unlock and do this:

    1. Tap emergency call.
    2. Double tap the home button.

    Done. You are now in your favorites. This seems like a feature, because you may want to have emergency number in your favorites for quick dial. The security problem here is double. The first: anyone picking up your phone can make a call to anyone in your favorites. On top of that, this also opens access to your full Address Book, the dial keypad, and your voice mail.

    If that wasn't bad enough, the second one is even worse: if you tap on the blue arrows next to the names, it will give you full access to the private information in a favorite entry. And it goes downhill from there:

    • If you click in a mail address, it will give you full access to the Mail application. All your mail will be exposed.
    • If there's a URL in your contact (or in a mail message) you can click on it and have full access to Safari.
    • If you click on send text message in a contact, it will give you full access to all your SMS.

    Hopefully, this major security break that fully exposes your most private information will be solved as soon as possible. Until then, you can avoid any potential breach doing the following:

    1. In the iPhone home, go to Settings.
    2. Click on General.
    3. Click on Home Button.
    4. Click on either "Home" or "iPod".

    This way, the double-click on the home button will take the user back to the unlock screen (if you use "Home") or the iPod screen. I recommend using Home. You will lose the ability to quickly access your favorites for a quick call—which is one of my favorite features—but that's better than having all your private mails, contacts, and SMS database compromised. UPDATE: Evidently Apple has a fix coming in their next firmware update, but we've got no word on when that release is planned


    Source: Major Security Flaw in 2.0.2 - Mac Forums and every other iphone news site and our own member RaMod and One1
    Last edited by .:MirrorminD:.; 08-28-2008 at 07:26 AM.
    [IMG]http://i480.photobucket.com/albums/rr164/sundayduffer/modmyimirrormind.png[/IMG]

  2. The Following 4 Users Say Thank You to .:MirrorminD:. For This Useful Post:

    dkaye (08-28-2008), flexa (08-27-2008), hjmk (08-29-2008), mazen662 (08-27-2008)

  3. #2
    iPhone? More like MyPhone
    Join Date
    Sep 2007
    Posts
    163
    Thanks
    14
    Thanked 8 Times in 8 Posts

    Wow, now Apple will have to think of ways to fix this.

  4. #3
    iPhone? More like MyPhone RaMod's Avatar
    Join Date
    Aug 2007
    Posts
    160
    Thanks
    17
    Thanked 72 Times in 38 Posts

    LOL!

    I posted this in the "Chat" section since I don't have the rights to post it as news and also sent the news to "cash" by private message

    I am glad you posted it as NEWS so people can see it. We all here to help!

    You can remove my post from the "Chat" section if you want!

    Thanks!

    RaMod
    Last edited by RaMod; 08-27-2008 at 01:09 PM. Reason: edit
    RaMod!
    If I helped you out, please press ... thanks!

    =The iPhone?!...wait!...what happened!?=


  5. #4
    My iPhone is a Part of Me
    Join Date
    Jan 2008
    Posts
    664
    Thanks
    374
    Thanked 36 Times in 35 Posts

    That sucks, I guess Apple better fix this ASAP....


  6. #5
    My iPhone is a Part of Me nycdiplomat's Avatar
    Join Date
    Nov 2007
    Location
    The big apple
    Posts
    572
    Thanks
    51
    Thanked 52 Times in 36 Posts

    i have my home button to bring up my ipod when i double tap. but still that is pretty bad...
    Verizon iPhone 4 jailbroken
    iOS 4.2.8
    I'm a NY GIANT!!!

  7. #6
    Green Apple
    Join Date
    Jul 2007
    Posts
    63
    Thanks
    3
    Thanked 3 Times in 3 Posts

    at least there is a working around until they can get it fixed. still sucks tho.
    32GB Black 3G[S]
    Blackra1n'd RC3

  8. #7
    Livin the iPhone Life billchase2's Avatar
    Join Date
    Jul 2007
    Location
    Ann Arbor
    Posts
    1,544
    Thanks
    78
    Thanked 60 Times in 52 Posts

    wow, that doesn't seem good.

    oh well, doesn't affect me. i don't use any of that security stuff. i just keep my iphone in my pocket at all times and don't leave it laying around for someone to steal.....
    21.5" iMac 3.06 GHz Intel Core i3 l 15" MacBook Pro 2.2 GHz Intel Core i7 l 17" PowerBook 1.67 GHz
    iPhone 4 32 GB l  TV 160 GB l 32 GB iPad

  9. #8
    iPhone? More like MyPhone
    Join Date
    Apr 2008
    Posts
    103
    Thanks
    7
    Thanked 13 Times in 10 Posts

    Wow, things like this delay me from firmware 2.0 add in reception rpoblems, lack of jailbroken apps, and a sluggish OS, I wonder how long it will be before I'm desperate to switch.

  10. The Following User Says Thank You to thestrangestick For This Useful Post:

    solarstar101 (08-27-2008)

  11. #9
    What's Jailbreak?
    Join Date
    Jul 2008
    Posts
    8
    Thanks
    2
    Thanked 1 Time in 1 Post
    Uff - I sent you to the BossPrefs on double click - hm I don't like it!
    Changed it to Home - that's way better!

  12. The Following User Says Thank You to iThinkpad For This Useful Post:

    solarstar101 (08-27-2008)

  13. #10
    iPhone? More like MyPhone
    Join Date
    Jun 2008
    Posts
    139
    Thanks
    2
    Thanked 3 Times in 3 Posts

    Just enable home button to be double clicked to go to home and maybe it brings you back to slide to unlock screen. iuno .. this I think we could fix as third party applications can enable theirselves to work when double clicking on the home button.

    somebody could try and create a pointless application that would respring&lock their iphones when somebody double clicks on it.

  14. The Following User Says Thank You to mrtonyyx For This Useful Post:

    solarstar101 (08-27-2008)

  15. #11
    oo3
    oo3 is offline
    iPhoneaholic oo3's Avatar
    Join Date
    May 2008
    Location
    Beaverton, OR
    Posts
    474
    Thanks
    89
    Thanked 61 Times in 48 Posts

    This is a big issue...

    In the other thread, some people were suggesting to have Boss Prefs become your double tap home, but I found a work around if you choose Boss Prefs.

    If you do the security hack, then double tap to pull up Boss Prefs, you can simply go to More, then Dock Icons. From there just add any icon to your Boss Prefs dock and select Done. Now press your Home button and it will reload your springboard. The thing is that once it's done loading, it will take you straight to your home screen, BYPASSING the emergency call. This will give you access to ALL of your apps, which seems worse than the original security hack.

    Your best bet to avoid this is to set your double tap as your iPod like what nycdiplomat said.

  16. #12
    iPhone? More like MyPhone mtwiford's Avatar
    Join Date
    Sep 2007
    Posts
    298
    Thanks
    8
    Thanked 48 Times in 35 Posts

    Great, now we get to pwn our phones all over again!
    ___________________________________________

    ......epic

  17. The Following User Says Thank You to mtwiford For This Useful Post:

    solarstar101 (08-27-2008)

  18. #13
    iPhone? More like MyPhone
    Join Date
    Jul 2008
    Posts
    107
    Thanks
    2
    Thanked 5 Times in 5 Posts

    It hurts me to say but the iPhone itself is a huge security flaw. Security and email encryption isn't a strong point for the iPhone.

  19. #14
    Green Apple
    Join Date
    Jul 2008
    Posts
    30
    Thanks
    3
    Thanked 3 Times in 2 Posts

    am i the only one that likes this? i don't have to enter my code to call my home phone or my job. LOVE IT!

  20. #15
    Previously Known as A.T MetallicaFan1991's Avatar
    Join Date
    Apr 2008
    Location
    Manchester, UK
    Posts
    1,582
    Thanks
    188
    Thanked 111 Times in 94 Posts

    The person or people who found this out should have kept it to themselves and told Apple.

    Now everyone knows it

    MBP 15" 2.66Ghz Core 2 Duo Nvidia 9400M 9600GT 256MB OS X 10.6.4 Windows 7 June 2009
    iPhone 4 August 28th

  21. The Following User Says Thank You to MetallicaFan1991 For This Useful Post:

    solarstar101 (08-27-2008)

  22. #16
    iPhone? More like MyPhone mtwiford's Avatar
    Join Date
    Sep 2007
    Posts
    298
    Thanks
    8
    Thanked 48 Times in 35 Posts

    They do now!
    ___________________________________________

    ......epic

  23. #17
    Green Apple
    Join Date
    Nov 2007
    Location
    Toronto
    Posts
    45
    Thanks
    2
    Thanked 0 Times in 0 Posts

    wow who cares about that. if I stole your iphone I won't even bother with that. I would just, do a restore and jailbreak and unlock it, then use it for myself. I wouldn't have to go into your favorites to do anything. If you leave it lying around you are asking for this to happen.

  24. #18
    iPhone? More like MyPhone riku98523's Avatar
    Join Date
    Jan 2008
    Posts
    192
    Thanks
    3
    Thanked 16 Times in 15 Posts

    Am I the only one who thinks this is stupid.

    Here is your steps to stop this from happening

    1.Don't let someone pick up your phone. Yeah that's it ........

    Facepalm) this is basically the same for any cell phone if someone stole my phone which I don't keep a lock on they would get my #s texts etc.

    Apple can fix this easy just by making the double click home button not do anything when the phone is locked.

  25. #19
    My iPhone is a Part of Me
    Join Date
    Aug 2008
    Location
    The Internet
    Posts
    617
    Thanks
    51
    Thanked 55 Times in 51 Posts

    I think this might be a bigger problem for people of actual importance. Honestly for most of us, the worst part about this might be some one checking your e-mail! But even then, you could change your password and solve that problem. For me, not that big of a deal.

  26. #20
    iPhone? More like MyPhone r1994augusto's Avatar
    Join Date
    Jul 2008
    Posts
    195
    Thanks
    61
    Thanked 3 Times in 3 Posts

    another thing is that if they send yoy a SMS you can see it without the passw.

+ Reply
Page 1 of 4 123 ... LastLast
Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts